On Sun, 13 May 2007 20:12:23 -0700, Paul Rubin wrote:

> Steven D'Aprano <[EMAIL PROTECTED]> writes:
>> If I'm mistaken, please explain why I'm mistaken, not just repeat your
>> claim in different words.
>
> if user_entered_password != stored_password_from_database:
>     password_is_correct = False
> ...
> if password_is_correct:
>     log_user_in()
>
> Does "password_is_correct" refer to the same variable in both places?

No way of telling without a detailed code inspection. Who knows what happens in the ... ? If a black hat has access to the code, he could insert anything he liked in there, ASCII or non-ASCII.

How is this a problem with non-ASCII identifiers? password_is_correct is all ASCII. How can you justify saying that non-ASCII identifiers introduce a security hole that already exists in all-ASCII Python?

-- 
Steven.
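
Added example, not part of the original message or thread: one way to settle the quoted question mechanically instead of by eye is to list every identifier in a file that contains non-ASCII characters, with the code points involved and whether it mixes scripts. The function names and the sample source (which reuses the quoted snippet with one constructed look-alike letter) are assumptions made for illustration.

```python
import io
import keyword
import tokenize
import unicodedata

# Constructed sample: line 3 spells the name with U+0430 in place of ASCII "a".
SAMPLE = (
    "password_is_correct = True\n"
    "if user_entered_password != stored_password_from_database:\n"
    "    p\u0430ssword_is_correct = False\n"
    "if password_is_correct:\n"
    "    log_user_in()\n"
)


def scripts_in(name):
    """Rough script labels for the letters in name (first word of each Unicode name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in name if ch.isalpha()}


def audit_identifiers(source):
    """Return one finding per distinct identifier that contains non-ASCII characters."""
    findings = {}
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type != tokenize.NAME or keyword.iskeyword(tok.string):
            continue
        name = tok.string
        if name.isascii():
            continue
        entry = findings.setdefault(name, {
            "name": name,
            "lines": [],
            "codepoints": [f"U+{ord(c):04X} {unicodedata.name(c, '?')}"
                           for c in name if not c.isascii()],
            # A single-script name (e.g. all Latin with umlauts) is not flagged as mixed.
            "mixed_script": len(scripts_in(name)) > 1,
            # Python compares identifiers after NFKC normalization.
            "nfkc": unicodedata.normalize("NFKC", name),
        })
        entry["lines"].append(tok.start[0])
    return list(findings.values())


if __name__ == "__main__":
    for finding in audit_identifiers(SAMPLE):
        print(finding)
```

The script label is a heuristic taken from the Unicode character name, so it is suitable for a review report or a pre-commit warning rather than as a complete confusables check.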